Details of VAR-202302-0778

ID

VAR-202302-0778

CVE

CVE-2023-0776

TITLE

Baicells Nova Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202302-750

DESCRIPTION

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce

Trust: 0.99

sources: NVD: CVE-2023-0776 // VULMON: CVE-2023-0776

IOT TAXONOMY

category:

['vehicle device']

sub_category:

mobile device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	baicells	model:	nova430e	scope:	lte	version:	qrtb_2.12.7	Trust: 1.0
vendor:	baicells	model:	nova436q	scope:	lte	version:	qrtb_2.12.7	Trust: 1.0
vendor:	baicells	model:	nova430l	scope:	lte	version:	qrtb_2.12.7	Trust: 1.0
vendor:	baicells	model:	neutrino 430	scope:	lte	version:	qrtb_2.12.7	Trust: 1.0

sources: NVD: CVE-2023-0776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-0776
value:	CRITICAL
Trust: 1.0
security@baicells.com:	CVE-2023-0776
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202302-750
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2023-0776
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0
security@baicells.com:	CVE-2023-0776
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	5.3
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202302-750 // NVD: CVE-2023-0776 // NVD: CVE-2023-0776

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-79	Trust: 1.0

sources: NVD: CVE-2023-0776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-750

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-750

PATCH

title:

Baicells Nova Fixes for command injection vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=225422

Trust: 0.6

sources: CNNVD: CNNVD-202302-750

EXTERNAL IDS

db:	NVD	id:	CVE-2023-0776	Trust: 1.8
db:	AUSCERT	id:	ESB-2023.1331	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-750	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2023-0776	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2023-0776 // CNNVD: CNNVD-202302-750 // NVD: CVE-2023-0776

REFERENCES

url:	https://baicells.com/service/firmware	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-0776/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1331	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2023-0776 // CNNVD: CNNVD-202302-750 // NVD: CVE-2023-0776

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2023-0776
db:	CNNVD	id:	CNNVD-202302-750
db:	NVD	id:	CVE-2023-0776

LAST UPDATE DATE

2025-01-30T22:20:52.760000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-0776	date:	2023-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202302-750	date:	2023-03-03T00:00:00
db:	NVD	id:	CVE-2023-0776	date:	2023-11-07T04:01:26.697

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-0776	date:	2023-02-11T00:00:00
db:	CNNVD	id:	CNNVD-202302-750	date:	2023-02-11T00:00:00
db:	NVD	id:	CVE-2023-0776	date:	2023-02-11T01:23:26.113